EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
• Jasmin Landry
• JR0ch17
• Lead, IT & Security at
• Montreal Canadiens fan
GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective
GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?
GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change
GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and